AI – raising the priority for data and information governance

As Artificial Intelligence (AI) and Large Language Models (LLMs) become more embedded in business operations, Australian organisations must prioritise their data and information governance arrangements, i.e. the policies, procedures, and processes that ensure they use AI systems in a responsible and ethical manner. Some organisations will have developed a level of maturity in this area of governance, lessening their workload. However, for those that have little or no maturity then the risks associated with the use of AI grow quickly, along with potential operational inefficiencies, compliance issues and ethical concerns.

Contact us to request a copy of the report - Local Government AI adoption.

Data governance

In essence, data governance supports an organisation’s strategy by managing data as a strategic asset, which in turn allows the business to leverage data for growth, risk management and operational efficiency. The management of data as a strategic asset requires a focus on establishing policies, standards and procedures to ensure data quality, accuracy, security, and accessibility. Effective data governance is foundational for reliable analytics, business intelligence, and decision-making. Without it, insights can be flawed due to inconsistent or poor-quality data.

Information governance

Information Governance is a broader concept that encompasses not only data governance but also the management of all forms of information (digital and physical), including documents, records, and communications.

Robust Information Governance helps organisations maximise the value of information, minimise risks and costs, and improve productivity and responsiveness, especially in regulatory or legal contexts.

As a combination, data and information governance enables an organisation to extract maximum value from their information, supports informed decision-making, and maintains regulatory and organisational rigor.

In summary, both data governance and information governance are intertwined and dependent on each other. Data governance ensures that business data is accurate and reliable, while information governance provides the strategic framework to manage all information assets in line with business goals, risk management and compliance requirements.

Contact us to request a copy of the whitepaper – Addressing the business risks of AI.

Setting up for the future

To establish effective data and information governance requires executive sponsorship by appointing a CIO/CDO level leader and a cross-functional data governance committee of stakeholders. Once clear goals tied to business priorities are agreed, then a comprehensive data inventory is required to understand data locations, flows, and ownership, focusing initially on high-risk or high-value data such as customer or financial information. This visibility gained through doing a data inventory will support informed decision-making, risk mitigation, and the development of sound data policies.

These data policies should address data classification, access controls, retention, and disposal. Policies must also include standards for data quality, privacy, and security—and be practical and scalable to meet the organisation’s needs.

Assigning roles and responsibilities ensures accountability. Data owners, stewards, and custodians will be required to manage data throughout its lifecycle. Training and clear documentation will help them enforce policies and resolve issues effectively.

Rather than treating it as a separate task, governance practices should be integrated into existing processes like employee onboarding, analytics, and project management. Technology will also play a role in operationalising governance as tools can support data cataloguing, metadata management, access control, and data quality monitoring. These capabilities become especially valuable when integrating AI systems.

Governance is not a one-time effort. Employee education, metrics to track progress, regular audits, and policy reviews based on evolving risks and feedback will all help to make good data and information governance a shared organisational value.

Finally, an initiative to improve data and information governance will also help drive cybersecurity strategy discussions. Having built better visibility of data and information, some decisions regarding the suitability of existing controls to provide the appropriate levels of protection (CIA) for these assets may need to be made.

Contact us today to discuss how Kaon Security can help to prepare your organisation to realise the business potential of your data and information assets in a secure manner.